I have been thinking through the implementation of something that I am calling the "Entity Profiler." The idea/concept was passed on to me by James Sirota and I think it would be very useful as a part of Metron.
I have a draft design that I would love to get feedback on. Please see the attached PDF. If anything is not clear, please let me know.

*The Entity Profiler is a feature extraction mechanism that can capture a Profile that describes any Entity on a network. The Entity might be a server, user, subnet or application. The Profile itself is simply a time series of numeric values.*

*The Entity Profiler will enable feature extraction using sliding windows over streaming telemetry data. The Entity Profiler will enable a summary statistic to be applied to raw data over a given time horizon. Collecting these values across many time horizons results in a time series that is useful for analysis.*

Hopefully that is enough of a tease to gain your interest.

Thanks
--
Nick Allen <[email protected]>
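To make the sliding-window idea concrete, here is a small worked example added to this thread. It is not code from Metron or from the attached design; it only illustrates the mechanism the summary describes. The telemetry events, the field names (`ts`, `ip`, `bytes`), the window sizes and the z-score check are all constructed for the illustration: each entity (here a source IP) gets a time series of one summary value per window, and a simple deviation check over that series shows how the resulting profile can be used.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry (not real data): one record per observed flow.
# ts is seconds since an arbitrary epoch, ip is the entity, bytes the raw value.
SAMPLE_EVENTS = [
    {"ts": 0,   "ip": "10.0.0.5", "bytes": 100},
    {"ts": 10,  "ip": "10.0.0.5", "bytes": 200},
    {"ts": 70,  "ip": "10.0.0.5", "bytes": 150},
    {"ts": 130, "ip": "10.0.0.5", "bytes": 5000},
    {"ts": 5,   "ip": "10.0.0.9", "bytes": 50},
    {"ts": 65,  "ip": "10.0.0.9", "bytes": 60},
    {"ts": 125, "ip": "10.0.0.9", "bytes": 55},
]


def profile(events, entity_of, value_of, window, slide, summarize):
    """Build an entity profile from raw events.

    Windows are [start, start + window); consecutive windows are `slide`
    seconds apart, so slide == window gives tumbling windows and
    slide < window gives overlapping (sliding) windows.  For every window
    in which an entity appears, `summarize` is applied to that entity's
    raw values.  Returns {entity: [(window_start, summary_value), ...]},
    i.e. one numeric time series per entity.
    """
    if not events:
        return {}
    ordered = sorted(events, key=lambda e: e["ts"])
    t_min, t_max = ordered[0]["ts"], ordered[-1]["ts"]
    start = (t_min // slide) * slide          # align the first window to the slide grid
    series = defaultdict(list)
    while start <= t_max:
        end = start + window
        # Batch scan for clarity; a streaming implementation would instead
        # keep a per-entity buffer and evict events as the window advances.
        buckets = defaultdict(list)
        for e in ordered:
            if start <= e["ts"] < end:
                buckets[entity_of(e)].append(value_of(e))
        for entity, values in buckets.items():
            series[entity].append((start, summarize(values)))
        start += slide
    return dict(series)


def flag_deviations(series, threshold=3.0):
    """Score the latest point of each entity's series against its history.

    Uses a z-score of the last value against the mean and population
    standard deviation of the earlier values.  Entities with fewer than
    three points are skipped (not enough history).  Returns
    {entity: z_score} for entities at or above the threshold.
    """
    flagged = {}
    for entity, points in series.items():
        values = [v for _, v in points]
        if len(values) < 3:
            continue
        history, latest = values[:-1], values[-1]
        mu, sigma = mean(history), pstdev(history)
        if sigma == 0:
            z = 0.0 if latest == mu else float("inf")
        else:
            z = (latest - mu) / sigma
        if z >= threshold:
            flagged[entity] = z
    return flagged


def bytes_per_minute(events=SAMPLE_EVENTS):
    """Tumbling 60-second windows, total bytes per source IP."""
    return profile(events, lambda e: e["ip"], lambda e: e["bytes"],
                   window=60, slide=60, summarize=sum)


def bytes_two_minute_sliding(events=SAMPLE_EVENTS):
    """120-second windows advancing every 60 seconds (overlapping)."""
    return profile(events, lambda e: e["ip"], lambda e: e["bytes"],
                   window=120, slide=60, summarize=sum)


if __name__ == "__main__":
    per_minute = bytes_per_minute()
    for entity, points in per_minute.items():
        print(entity, points)
    print("deviations:", flag_deviations(per_minute))
```

The summary statistic is just a callable, so `sum` can be swapped for `len` (event count), `max`, or a set-size function for distinct-destination counts; only the window boundaries and the per-entity grouping are fixed by the profiler itself.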
